Comment It doesn't (Score 5, Informative) 98
It doesn't have to. It contacts the C&C server where someone presumably decides whether to install further bots or more resident exploits.
The exploit seems to be more about stealth distribution and about dropping other malware. This makes sense because if a dropper is detected as malicious, it becomes useless due to its detection. (You can safely assume anything using a dropper is malicious)
This means that anti virus software should in theory only be able to detect the actual dropped malware. Any new malware could have had a field day with this exploit because both the dropper and malware would not have been detected.
From my understanding of the article it actually dropped the Lurk trojan but I get the feeling it could drop anything the C&C wants it to.